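<?php
// Admin-only page: search approved users and change their Position
// (2 = Lead Researcher, 3 = Researcher). Relies on library.php for
// print_header(), print_footer(), connectSQLServer() and dbquery().
//
// NOTE: the mysql_* extension used here was removed in PHP 7.0, so this page
// only runs on PHP 5.x. Moving library.php to PDO/mysqli prepared statements
// is the real fix; the escaping below is the best the current API allows.
session_start();
include "library.php";

// Escape a value for an HTML text/attribute context. Every database field
// echoed below goes through this, since those fields were user-supplied at
// registration. Assumes the page is served as UTF-8 — confirm against print_header().
$esc = function ($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// If user has not logged in, redirect to login.
// exit after header(): without it the rest of the page (including the
// permission updates further down) still runs for the anonymous caller.
if (!isset($_SESSION["username"])) {
  header("Location: login.php");
  exit;
}

// If user presses logout button, clear session, and redirect.
if (isset($_POST["logout"])) {
  session_unset();
  session_destroy();
  header("Location: home.php");
  exit;
}

// If not an administrator (Position 1), redirect. The cast covers the session
// value being a string copied from the database row.
$position = isset($_SESSION["position"]) ? (int) $_SESSION["position"] : 0;
if ($position !== 1) {
  header("Location: members.php");
  exit;
}

// Print header
print_header($_SESSION["position"], 2);

// NOTE: database credentials are inline in the page source; they belong in a
// config file outside the web root, read by library.php.
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
mysql_select_db("wendlc_TeamSci");
?>

<form method = "post">
<BR><h4>Search for User</h4><br>(Leave blank to see all entries)<BR><BR><input type = "text" name = "keywords" value = "" maxlength = 200/>
<input type = "submit" name = "Add" value = "Search"/>
<?php

// If user presses Search, list matching approved users with a radio pair per
// row for changing their permission. The UserNum of every listed row is kept
// in the session so the second POST can only touch users that were shown.

if (isset($_POST["Add"])) {
  $listed = array();
  $keywords = isset($_POST["keywords"]) ? (string) $_POST["keywords"] : '';
  // Undo magic_quotes_gpc (PHP < 5.4) before escaping. The term is escaped
  // once, for the SQL string context only; HTML escaping happens at output
  // time, not on input (the old htmlspecialchars() here turned "a&b" into
  // "a&amp;b" and made such searches miss).
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $keywords = stripslashes($keywords);
  }
  // '%' and '_' in the term act as LIKE wildcards; acceptable for a search box
  // whose results are limited to 30 approved users.
  $pattern = mysql_real_escape_string("%" . $keywords . "%", $pwdb);
  $query = sprintf("SELECT * FROM Users WHERE Approved = 1 AND (FirstName LIKE '%s' OR LastName LIKE '%s' OR UserID LIKE '%s' OR Email LIKE '%s') ORDER BY Position ASC, LastName ASC LIMIT 30",
    $pattern, $pattern, $pattern, $pattern);
  $queryResults = dbquery($query);
  echo "<table id=\"infotable\"><tr><th>Name</th><th>UserID</th><th>Email</th><th>Permissions</th></tr>";

  // Loop and display table with all relevant users. Administrators
  // (Position 1) are not listed and so cannot be changed from this page.
  while ($queryResults && ($user = mysql_fetch_object($queryResults))) {
    $pos = (int) $user->Position;
    if ($pos !== 2 && $pos !== 3) {
      continue;
    }
    // Pre-check the radio matching the permission the user already has.
    $leadChecked = $pos === 2 ? ' CHECKED' : '';
    $researcherChecked = $pos === 3 ? ' CHECKED' : '';
    $radioName = "PermDec" . $esc($user->UserNum);
    echo "<tr><td>" . $esc($user->FirstName) . " " . $esc($user->LastName) . "</td>"
      . "<td>" . $esc($user->UserID) . "</td>"
      . "<td>" . $esc($user->Email) . "</td>"
      . "<td><INPUT TYPE = \"radio\" NAME = \"" . $radioName . "\"" . $leadChecked . " VALUE = \"1\">Lead Researcher"
      . "<INPUT TYPE = \"radio\" NAME = \"" . $radioName . "\"" . $researcherChecked . " VALUE = \"2\">Researcher</td></tr>";
    $listed[] = $user->UserNum;
  }
  echo "</table><BR>";
  echo "<input type = 'submit' name = 'add2' value = 'Submit Changes' /><br />";
  $_SESSION["array"] = $listed;
}
// Close the form in every case (it was previously left open when no search
// had been submitted); the Submit Changes button stays inside it.
echo "</form>";

// If user submits decisions on user(s), apply them. Only UserNums remembered
// from the last search are updatable; any other posted PermDec* key is ignored.

if (isset($_POST["add2"])) {
  $radios = isset($_SESSION["array"]) && is_array($_SESSION["array"]) ? $_SESSION["array"] : array();
  foreach ($radios as $userNum) {
    $field = "PermDec" . $userNum;
    $choice = isset($_POST[$field]) ? (string) $_POST[$field] : '';
    // Radio value "1" = Lead Researcher (Position 2); anything else, including
    // a missing field, is Researcher (Position 3), as before.
    $newPosition = $choice === '1' ? 2 : 3;
    $queryUpdate = sprintf("Update Users SET Position = %d WHERE UserNum ='%s'",
      $newPosition,
      mysql_real_escape_string($userNum, $pwdb));
    dbquery($queryUpdate);
  }
  // Reload the page so a browser refresh does not re-submit the updates.
  echo "<script>location.href='UserPerm.php'</script>";
}
print_footer();
?>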